RHSA-2018:1191-1: Critical: java-1.8.0-openjdk security update

Red Hat Enterprise Linux: An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of
Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2018-2790, CVE-2018-2794, CVE-2018-2795, CVE-2018-2796, CVE-2018-2797, CVE-2018-2798, CVE-2018-2799, CVE-2018-2800, CVE-2018-2814, CVE-2018-2815


RHSA-2018:1188-1: Critical: java-1.8.0-openjdk security update

Red Hat Enterprise Linux: An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of
Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2018-2790, CVE-2018-2794, CVE-2018-2795, CVE-2018-2796, CVE-2018-2797, CVE-2018-2798, CVE-2018-2799, CVE-2018-2800, CVE-2018-2814, CVE-2018-2815


More L337 Translations


Dave Taylor
Thu, 04/19/2018 – 09:20

Dave continues with his shell-script L33t translator.

In my last article, I talked about the inside jargon of hackers and computer geeks
known as “Leet Speak” or just “Leet”. Of course, that’s a shortened version
of the word Elite, and it’s best written as L33T or perhaps L337 to be
ultimately kewl. But hey, I don’t judge.

Last time I looked at a series of simple letter substitutions that allow
you to convert a sentence like “I am a master hacker with great
skills” into something like this:


I AM A M@ST3R H@XR WITH GR3@T SKILLZ

It turns out that I missed some nuances of Leet and didn’t realize that
most often the letter “a” is actually turned into a “4”, not
an “@”, although as with just about everything about the jargon,
it’s somewhat random.

In fact, every single letter of the alphabet can be randomly tweaked and
changed, sometimes from a single letter to a sequence of two or three
symbols. For example, another variation on “a” is “/-” (for
what are hopefully visually obvious reasons).

Continuing in that vein, “B” can become “|3”, “C” can become “[”,
“I” can become “1”, and one of my favorites, “M” can
change into “[]V[]”. That’s a lot of work, but since one of the
goals is to have a language no one else understands, I get it.

There are additional substitutions: a word can have its trailing “S”
replaced by a “Z”, a trailing “ED” can become
“‘D” or just “D”, and another interesting one is that words
containing “and”, “anned” or “ant” can have that
sequence replaced by an ampersand (&).

Let’s add all these L337 filters and see how the script is shaping up.

But First, Some Randomness

Since many of these transformations are going to have a random element,
let’s go ahead and produce a random number between 1–10 to figure
out whether to do one or another action. That’s easily done with the
$RANDOM variable:


doit=$(( $RANDOM % 10 ))       # random virtual coin flip

Now let’s say that there’s a 50% chance that a -ed suffix is going
to change to “‘D” and a 50% chance that it’s just going to become
“D”, which is coded like this:


if [ $doit -ge 5 ] ;  then
  word="$(echo "$word" | sed "s/ed$/d/")"
else
  word="$(echo "$word" | sed "s/ed$/'d/")"
fi

Let’s add the additional transformations, but not do them every time.
Let’s give them a 70–90% chance of occurring, based on the transform
itself. Here are a few examples:


if [ $doit -ge 3 ] ;  then
  word="$(echo "$word" | sed "s/cks/x/g;s/cke/x/g")"
fi

if [ $doit -ge 4 ] ;  then
  # in a sed replacement a bare & means "the matched text", so escape it
  word="$(echo "$word" | sed "s/and/\&/g;s/anned/\&/g;s/ant/\&/g")"
fi

And so, here’s the second translation, a bit more sophisticated:


$ l33t.sh "banned? whatever. elite hacker, not scriptie."
B&? WH4T3V3R. 3LIT3 H4XR, N0T SCRIPTI3.

Note that it hasn’t realized that “elite” should become L337 or
L33T, but since it is supposed to be rather random, let’s just leave this
script as is. Kk? Kewl.

If you want to expand it, an interesting programming problem is to break
each word down into individual letters, then randomly change lowercase to
uppercase or vice versa, so you get those great ransom-note-style WeiRD LeTtEr
pHrASes.
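As an added example (not code from the original article), here are the suffix and ampersand rules above with the coin flip passed in as an argument so each branch can be exercised deliberately, plus one way to do the random-case exercise. The function names `l33t_word` and `ransom_case` are hypothetical, the "anned" rule is applied before "and", and awk's `rand()` stands in for `$RANDOM` so the script also runs under a plain POSIX sh.

```shell
#!/bin/sh
# Added example: names and rule ordering are assumptions, not the article's script.

# l33t_word WORD DOIT - DOIT is the 0-9 value the article draws from $RANDOM.
l33t_word() {
  word=$1 doit=$2
  if [ "$doit" -ge 5 ]; then
    word=$(printf '%s\n' "$word" | sed "s/ed$/d/")
  else
    word=$(printf '%s\n' "$word" | sed "s/ed$/'d/")
  fi
  if [ "$doit" -ge 3 ]; then
    word=$(printf '%s\n' "$word" | sed 's/cks/x/g;s/cke/x/g')
  fi
  if [ "$doit" -ge 4 ]; then
    # A bare & in a sed replacement means "the matched text"; \& is a literal &.
    word=$(printf '%s\n' "$word" | sed 's/anned/\&/g;s/and/\&/g;s/ant/\&/g')
  fi
  printf '%s\n' "$word"
}

# ransom_case TEXT SEED - flip each letter's case at random; the seed makes a
# given run repeatable on the same awk implementation.
ransom_case() {
  printf '%s\n' "$1" | awk -v seed="$2" '
    BEGIN { srand(seed) }
    { out = ""
      for (i = 1; i <= length($0); i++) {
        c = substr($0, i, 1)
        out = out (rand() < 0.5 ? toupper(c) : tolower(c))
      }
      print out }'
}
```

Because the -ed rule runs first, a bare "banned" loses its "ed" before the ampersand rule sees it; the article's "banned?" survives only because the trailing "?" keeps `ed$` from matching.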

Next time, I plan to move on, however, and look at the great command-line
tool youtube-dl, exploring how to use it to download videos and even
just the audio tracks as MP3 files.


Help Canonical Test GNOME Patches, Android Apps Illegally Tracking Kids, MySQL 8.0 Released and More

News briefs for April 19, 2018.

Help Canonical test the GNOME desktop memory leak fixes in
Ubuntu 18.04 LTS (Bionic Beaver) by downloading and installing the
current daily ISO for your hardware from here: http://cdimage.ubuntu.com/daily-live/current/bionic-desktop-amd64.iso.
Then download the patched version of gjs, install, reboot, and then
just use your desktop normally. If performance seems impacted by the new
packages, re-install from the ISO again, but don’t install the new packages
and see if things are better. See the Ubuntu
Community page
for more detailed instructions.

Thousands of Android apps downloaded from the Google Play store may be tracking kids’ data illegally, according
to a new study.
NBC News reports: “Researchers at the University of California’s International Computer
Science Institute analyzed 5,855 of the most downloaded kids apps,
concluding that most of them ‘are potentially in violation’ of the
Children’s Online Privacy Protection Act 1998, or COPPA, a federal law
making it illegal to collect personally identifiable data on children under
13.”

MySQL 8.0 has been released. This new version “includes significant performance,
security and developer productivity improvements enabling the next
generation of web, mobile, embedded and Cloud applications.” MySQL 8.0
features include MySQL document store, transactional data dictionary, SQL
roles, default to utf8mb4 and more. See the white
paper
for all the details.

KDE announced
this morning that
KDE Applications 18.04.0 are now available. New features include
improvements to panels in the Dolphin file manager; Wayland support for
KDE’s JuK music player; improvements to Gwenview, KDE’s image viewer and
organizer; and more.

Collabora Productivity, “the driving force behind putting LibreOffice in
the cloud”, announced
a new release of its enterprise-ready cloud document suite—Collabora
Online 3.2. The new release includes implemented chart creation, data
validation in Calc, context menu spell-checking and more.


An Update on Linux Journal


Carlie Fairchild
Wed, 04/18/2018 – 12:41

So many of you have asked how to help Linux Journal continue to be published* for years to come.

First, keep the great ideas coming—we all want to continue making Linux Journal 2.0 something special, and we need this community to do it.

Second, subscribe or renew. Magazines have a built-in fundraising program: subscriptions. It’s true that most magazines don’t survive on subscription revenue alone, but having a strong subscriber base tells Linux Journal, prospective authors, and yes, advertisers, that there is a community of people who support and read the magazine each month.

Third, if you prefer reading articles on our website, consider becoming a Patron. We have different Patreon reward levels, one even gets your name immortalized in the pages of Linux Journal.

Fourth, spread the word within your company about corporate sponsorship of Linux Journal. We as a community reject tracking, but we explicitly invite high-value advertising that sponsors the magazine and values readers. This is new and unique in online publishing, and just one example of our pioneering work here at Linux Journal.  

Finally, write for us! We are always looking for new writers, especially now that we are publishing more articles more often.
 

With all our gratitude,

Your friends at Linux Journal

 

*We’d be remiss to not acknowledge or thank Private Internet Access for saving the day and bringing Linux Journal back from the dead. They are incredibly supportive partners and sincerely, we can not thank them enough for keeping us going. At a certain point however, Linux Journal has to become sustainable on its own.


Rise of the Tomb Raider Comes to Linux Tomorrow, IoT Developers Survey, New Zulip Release and More

News briefs for April 18, 2018.

Rise of the Tomb Raider: 20 Year Celebration comes to Linux tomorrow! A minisite
dedicated to Rise of the Tomb Raider
is available now from Feral
Interactive, and you also can view the trailer on Feral’s
YouTube channel.

Zulip 1.8, the open-source team chat software, announces the
release of Zulip Server 1.8. This is a huge release, with more than 3500 new
commits since the last release in October 2017. Zulip “is an alternative to
Slack, HipChat, and IRC. Zulip combines the immediacy of chat with the
asynchronous efficiency of email-style threading, and is 100% free and
open-source software”.

The IoT
Developers Survey 2018
is now available. The survey was sponsored by
the Eclipse IoT Working Group, Agile IoT, IEEE and the Open Mobile Alliance
“to better understand how developers are building IoT solutions”. The survey
covers what people are building, key IoT concerns, top IoT programming languages
and distros, and more.

Google released Chrome 66 to its stable channel for desktop/mobile users.
This release includes many security improvements as well as new JavaScript
APIs. See the Chrome Platform
Status
site for details.

openSUSE Leap 15 is scheduled
for release
May 25, 2018. Leap 15 “shares a common core with SUSE Linux Enterprise (SLE) 15 sources and
has thousands of community packages on top to meet the needs of professional
and semi-professional users and their workloads.”

GIMP 2.10.0 RC 2 has been released.
This release fixes 44 bugs and introduces important performance
improvements. See the complete list of changes here.


Linux Administration – News and Blog